chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #2

dependabot · 2024-04-13T00:30:18Z

Bumps the npm_and_yarn group with 3 updates in the / directory: ajv, textlint and node-fetch.

Updates ajv from 4.11.8 to 8.12.0

Release notes

v8.12.0

fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @piliugin-anton)

empty JTD "values" schema (#2191)

empty object to work with JTD utility type (#2158, @erikbrinkman)

fix JTD "discriminator" schema for objects with more than 8 properties (#2194)

correctly narrow "number" type to "integer" (#2192, @JacobLey)

update Node.js versions in CI to 14, 16, 18 and 19

v8.11.2

Update dependencies

Export ValidationError and MissingRefError (ajv-validator/ajv#1840, @dannyb648)

v8.11.1

Update dependencies

Export ValidationError and MissingRefError (#1840, @dannyb648)

v8.11.0

Use root schemaEnv when resolving references in oneOf (#1901, @asprouse)

Only use equal function in generated code when it is used (#1922, @bhvngt)

v8.10.0

uriResolver option (@zekth, #1862)

v8.9.0

Option code.esm to generate ESM exports for standalone validation functions (@rehanvdm, #1861) Support discriminator keyword with $ref in oneOf subschemas (@dfeufel, #1815)

v8.8.2

Use full RegExp string (with flags) as cache key, related to ajv-validator/ajv-keywords#220

v8.8.1

Fix minContains: 0 (#1819)

v8.8.0

Fix browser bundles in cdnjs regExp option allowing to specify alternative RegExp engine, e.g. re2 (@efebarlas)

v8.7.1

Publish Ajv bundle for JSON Schema 2020-12 to cdnjs.com

v8.7.0

Update JSON Schema Test Suite. Change minContains: 0 now correctly allows empty array.

v8.6.3

Fix $ref resolution for schemas without $id (@rbuckton, #1725) Support standalone module import from ESM modules without using .default property (@bhvngt, #1757)

... (truncated)

Commits

bf1266a 8.12.0
321fad6 update node versions (#2195)
c5c195b fix JTD discriminator with more than 8 properties, fixes #1971 (#2194)
527d43a build(deps-dev): bump @rollup/plugin-commonjs from 23.0.7 to 24.0.0 (#2184)
2e5884b build(deps-dev): bump @rollup/plugin-typescript from 9.0.2 to 10.0.1 (#2193)
a697668 build(deps-dev): bump @rollup/plugin-json from 5.0.2 to 6.0.0 (#2183)
dab8504 special case empty object for jtd (#2158)
d2c57d9 build(deps-dev): bump @rollup/plugin-typescript from 8.5.0 to 9.0.2 (#2160)
a489265 correctly narrow "number" type to "integer", fixes #1935 (#2192)
a211e8d JTD empty values schema, fixes #1949 (#2191)
Additional commits viewable in compare view

Updates textlint from 11.9.0 to 14.0.4

Release notes

Sourced from textlint's releases.

[email protected]

11.9.1 (2021-05-08)

Bug Fixes

deps: update patch updates (#761) (73e81f9)

text-to-ast: correct to parse CRLF empty line (#763) (a3288e0)

Commits

eb85d7c chore(release): v14.0.4 (#1370)
79e0fb9 fix severity type (#1369)
8ca050b fix(deps): update babel monorepo to ^7.24.0
5c6df8d fix(deps): update dependency diff to ^5.2.0
6cef950 chore(release): v14.0.3 (#1363)
aee0a63 fix(formatter): fix missing is-file dependencies (#1362)
ffd9a7d chore(deps): update dependency mocha to ^10.3.0
70c4bfe chore(release): v14.0.2 (#1358)
5c68e9d add TxtCommentNode to StaticPhrasingContent (#1357)
34317df Update README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by textlint-user, a new releaser for textlint since your current version.

Updates ansi-regex from 2.1.1 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

v5.0.0

Breaking

Require Node.js 8 166a0d5

Enhancements

Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
2b56fb0 5.0.0
f26f7fe Meta tweaks
e77ea17 Add TypeScript definition (#32)
166a0d5 Require Node.js 8
f115fca Tidelift tasks
Additional commits viewable in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

c3a7524 2.2.3
94fd06d docs: update CHANGELOG for v2.2.3
3b8cebf docs(security): use GitHub security advisories
f0fd9e1 docs: publish a security policy
6a91a05 docs(template): bug -> bug report
14f8cb1 2.2.2
10cc7ca docs: update CHANGELOG for v2.2.2
7774c10 fix: add proto to objects and arrays
edde30a Readme: slight tweak to intro
97286f8 Improve example in readme
Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates node-fetch from 2.6.1 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

"global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

9b9d458 feat: AbortError (#1744)
65ae25a fix: Remove the default connection close header (#1765)
8bc3a7c fix: socket variable testing for undefined (#1726)
afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
29909d7 fix: handle bom in text and json (#1739)
70f592d fix: "global is not defined" (#1704)
0f1ebb0 Prevent error when response is null (#1699)
6e9464d ci(release): install dependencies
dd2a0ba ci(release): install dependencies
49bef02 ci(release): use latest Node LTS
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates Bumps the npm_and_yarn group with 3 updates in the / directory: [ajv](https://github.com/ajv-validator/ajv), [textlint](https://github.com/textlint/textlint) and [node-fetch](https://github.com/node-fetch/node-fetch). Updates `ajv` from 4.11.8 to 8.12.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@4.11.8...v8.12.0) Updates `textlint` from 11.9.0 to 14.0.4 - [Release notes](https://github.com/textlint/textlint/releases) - [Commits](https://github.com/textlint/textlint/compare/[email protected]) Updates `ansi-regex` from 2.1.1 to 5.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@2.1.1...v5.0.1) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `node-fetch` from 2.6.1 to 2.7.0 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.1...v2.7.0) --- updated-dependencies: - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: textlint dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-04-13T00:32:21Z

Looks like these dependencies are up-to-date now, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 13, 2024

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-b2a9da9338 branch from 0aafdfa to 7918c0b Compare April 13, 2024 00:30

dependabot bot closed this Apr 13, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-b2a9da9338 branch April 13, 2024 00:32

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #2

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #2

dependabot bot commented on behalf of github Apr 13, 2024 •

edited

Loading

dependabot bot commented on behalf of github Apr 13, 2024

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #2

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #2

Conversation

dependabot bot commented on behalf of github Apr 13, 2024 • edited Loading

v8.12.0

v8.11.2

v8.11.1

v8.11.0

v8.10.0

v8.9.0

v8.8.2

v8.8.1

v8.8.0

v8.7.1

v8.7.0

v8.6.3

[email protected]

11.9.1 (2021-05-08)

Bug Fixes

v5.0.1

Fixes (backport of 6.0.1 to v5)

v5.0.0

Breaking

Enhancements

v4.1.0

v2.2.3

v2.2.2

v2.2.1

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

dependabot bot commented on behalf of github Apr 13, 2024

dependabot bot commented on behalf of github Apr 13, 2024 •

edited

Loading

Fixes (backport of `6.0.1` to v5)